Submission Summary:

What's been found  |  Severity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Technical Details:
File System Modifications

#  |  Filename(s)  |  File Size  |  File Hash  |  Alias
1 %CommonAppData%\Anti-phishing Domain Advisor\guid.dat 38 bytes MD5: 0x57D8265284734BD29F438B2E34E5729F
SHA-1: 0xF68ED55266A53CBD230FCA8D849981CE6941844A
(not available)
2 %CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe 91,768 bytes MD5: 0xE74ACC88A5F91340E5A4F13377C19128
SHA-1: 0xF8DF29130874386E3CEA87CB3E777DA1689A7BC3
(not available)
3 %CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.dll 309,416 bytes MD5: 0xD899AFC8C5ABD5CC0CA0C544DA3F330A
SHA-1: 0x1B8E8FBCC0D990FED7A4890872E5F12BFB028B5F
(not available)
4 %CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.exe 232,616 bytes MD5: 0x6D935BE34F3FE8641403662B35575416
SHA-1: 0x27C727AA63A751259516F0F0593AB2B1F0C76B85
(not available)
5 %AppData%\blekkotb\guid.dat 38 bytes MD5: 0x4AE46F14AA60B55A90D6A82B6932EC8E
SHA-1: 0x92308110FB3665C35497ED15246B68A78507DB7C
(not available)
6 %Temp%\afterInstallCall.dat 2 bytes MD5: 0x99914B932BD37A50B983C5E7C90AE93B
SHA-1: 0xBF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
(not available)
7 %Temp%\Antiphishing_1.0.0.0.exe 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
8 %Temp%\blekko-manifest.xml
%ProgramFiles%\blekkotb\manifest.xml
878 bytes MD5: 0xDF8368E7791F84962C20A7E9801E554D
SHA-1: 0xD356174E6D0D24A9228C0406969B35147C0B5DA5
(not available)
9 %Temp%\currenttime.dat 8 bytes MD5: 0xC0B09EF75BEB1509E529BE6CD2198633
SHA-1: 0x3CDC1476EB3071332195E97BF6769889F8DC36A6
(not available)
10 %Temp%\ICReinstall\[filename of the sample #1]
[file and pathname of the sample #1]
463,080 bytes MD5: 0xAC77EB87D763EAE25CD4D24E7285D1AB
SHA-1: 0xDB8A8078EFCE0FF6A766D4E1ADE61D10707C938B
packed with UPX [Kaspersky Lab]
11 %Temp%\is1598539481\1964308452.cfg 244 bytes MD5: 0x084E82AC1766B317E093D49E6F7A66B4
SHA-1: 0x10B48C8615D1FB29209B487C5595A8351BC03A63
(not available)
12 %Temp%\is1598539481\52317_Setup.DAT
%MyDocuments%\fkeylogger.zip
568,334 bytes MD5: 0xD5FF8DB6E68AD00E82D7775DF04D1D7D
SHA-1: 0x41BEA8626EF845E713BB473C375FBA2F066E513F
MonitoringTool [Ikarus]
13 %Temp%\is1598539481\52367_Setup.CIS 2,011,228 bytes MD5: 0x21CF10C84FDC15F28DA40E7261A6F9C8
SHA-1: 0x2C4B77A8DB9794E8B2258D4FB1CBF4344DC3104C
(not available)
14 %Temp%\is1598539481\881789881.cfg 244 bytes MD5: 0x90DBC9D50155B8DE49EF87F1E30E577D
SHA-1: 0xDCC9AA4D23F330C4B1C5F977938F6415FD2A771E
(not available)
15 %Temp%\is1598539481\blekkoTb_1.0.0.12.exe 2,062,880 bytes MD5: 0x50EC4FA0E1E60E3C0E87BE518392F958
SHA-1: 0xD2A62E021E6B93EAF1672CB2BC78A31B1B2F89DE
(not available)
16 %Temp%\ish210593\css\buttons.css 1,238 bytes MD5: 0xE10BA3C9C951F5555528C9B291334879
SHA-1: 0xE231BE4624910387AAAE4301D856DAB528F8522C
(not available)
17 %Temp%\ish210593\css\ie6_main.css 475 bytes MD5: 0xEC8BC9B61645C661B1BD3DCC8F781B30
SHA-1: 0x96D9124BF9D0D0F2E343A372ED3460F9F0C2A7CA
(not available)
18 %Temp%\ish210593\css\main.css 4,562 bytes MD5: 0x1D7B7D4B58AE79B4C4CADDE36B409242
SHA-1: 0xE3531BB7B293DD813C4B1A5481E71CB40B0E316A
(not available)
19 %Temp%\ish210593\css\progress-bar.css 508 bytes MD5: 0xE1FCF8B6066AF9A266AE34738ED5C000
SHA-1: 0x4D1079CCDFE311B77177BED54163C7CC73D7D1BE
(not available)
20 %Temp%\ish210593\defaultOffer\ad_html.txt 233 bytes MD5: 0xE321D82C7629CFB1D714779402DD23DD
SHA-1: 0xD8560FE919A0F62DBCA5FAE957654F34E4D2F065
(not available)
21 %Temp%\ish210593\defaultOffer\images\techtracker.jpg 26,693 bytes MD5: 0x199832D24E8AA5EC99AE079E8BB5B1E7
SHA-1: 0x8DE13A46F38035B0D02E27A0656CC1E584787807
(not available)
22 %Temp%\ish210593\defaultOffer\TechTracker\TechTracker_code.txt 2,966 bytes MD5: 0xE695AFF87DE58D140142A47F4F4BA207
SHA-1: 0xE09D03AEE8B62B6AB56C7B7A2F1956A8BDA74CD1
(not available)
23 %Temp%\ish210593\defaultOffer\TechTracker\TechTracker_html.txt 1,021 bytes MD5: 0xD60E47EEE106B761F7D7676CE8E12A2D
SHA-1: 0x2A458683BA295C7DB0A6615E8CDB567B79F2C4FD
(not available)
24 %Temp%\ish210593\images\green_btn.png 485 bytes MD5: 0xB570EA77375823BE8510C0F27768ED62
SHA-1: 0x096ED270C93AD811039738B7FB53E05EAAE7F4BB
(not available)
25 %Temp%\ish210593\images\grey_btn.png 360 bytes MD5: 0x501821D95E958528FED4747E4190B39F
SHA-1: 0x70E3C15D3CE5853A67AA741EC701D3AF307D7BD9
(not available)
26 %Temp%\ish210593\images\loader.gif 7,791 bytes MD5: 0xEDB71146254D3B8EBAE18607E801398C
SHA-1: 0x8775027DA6F6CC19C72D20C7F1615A01112E5D3C
(not available)
27 %Temp%\ish210593\images\main.png 22,145 bytes MD5: 0x1A2AD75C0AF449D5719473655EF5AF04
SHA-1: 0x82C5BA738B9CD2508EA2D69DA7985D586A4F0DCA
(not available)
28 %Temp%\ish210593\images\offer_box2.png 3,024 bytes MD5: 0x61F74251810068CB9EDAEAADA3C50D29
SHA-1: 0x3B779B8E723CA1E1E73AC534A2D415A18FB2DB6E
(not available)
29 %Temp%\ish210593\images\pause_btn.png 982 bytes MD5: 0x14B92CBE22EF5A31A5533D0AB114537E
SHA-1: 0xE428F1B0236F7A85FAF045237A7CD29A305D936C
(not available)
30 %Temp%\ish210593\images\prod-icon.png 4,622 bytes MD5: 0xEF430C7CB8DAD930F9E51941593B2AF2
SHA-1: 0x03CA0848FD18014781B7C1DA5064A761E1F317F8
(not available)
31 %Temp%\ish210593\images\progress_bar.png 456 bytes MD5: 0x26588A39E960E2F5BA70FC082A8F02AF
SHA-1: 0x116B62C07995D60F9BFC492296CC9C5C5A1AD26A
(not available)
32 %Temp%\ish210593\images\resume_btn.png 985 bytes MD5: 0x05E22E0225F53B69A44B443540C20324
SHA-1: 0xAF5EB7EBF4F053B17D19A678EC84C329E632B2DF
(not available)
33 %Temp%\ish210593\images\secure_dwnl.png 2,862 bytes MD5: 0x6F2B1F7689B06EEF2D9C4E5E00B9EE2E
SHA-1: 0xBDB0B30006AF53427194EA79F0615992CB84A99B
(not available)
34 %Temp%\ish210593\images\welcome_prod_box.png 1,593 bytes MD5: 0x93791BDB5453514A501AD84985B69824
SHA-1: 0x4FD167C14DDBC76472082C3C5ADB37052C96D6C0
(not available)
35 %Temp%\ish210593\images\zip_icon.png 943 bytes MD5: 0xA17CADDBEE24EF3FFB3DAA1D12EF3933
SHA-1: 0x728D11A32C5610D0362E9AED32F6F376CAD937DF
(not available)
36 %Temp%\ish210593\locale\EN.locale 2,450 bytes MD5: 0x5128DACAA4884C07897B2A14E924CE2D
SHA-1: 0x383A9A3F9EC01FA528A206802F75518638D79669
(not available)
37 %Temp%\ish210593\mask.bmp.Mask 196 bytes MD5: 0x6A385B06B6108CD109828A9F5F9FBE4C
SHA-1: 0x8003481E740E7E02F32DF1C6866E0809BF59B1A9
(not available)
38 %Temp%\ish210593\sdk\exceptlist.txt 34 bytes MD5: 0xF01863CCE9F2A2E4DCEF02F285E561AF
SHA-1: 0xE2CBA65BE3F487E3760CF8D9247D3F4F73FF8174
(not available)
39 %Temp%\nsj4.tmp\nsProcess.dll 4,096 bytes MD5: 0x05450FACE243B3A7472407B999B03A72
SHA-1: 0xFFD88AF2E338AE606C444390F7EAAF5F4AEF2CD9
(not available)
40 %Temp%\nsj4.tmp\UAC.dll
%Temp%\nsjB.tmp\UAC.dll
16,896 bytes MD5: 0x0D422E0C03A7D9428C6C02175D7DC9F8
SHA-1: 0x5E13D49521CFBBE52CD74DE8E1682789F0268969
(not available)
41 %Temp%\nsjA.tmp 5,429,634 bytes MD5: 0x62C9D5A95DF53AEAE4428221F6A7B320
SHA-1: 0xE119E634BBEC8A5DA814675570CB8E6AFC016D48
(not available)
42 %Temp%\nsjB.tmp\features.txt 704 bytes MD5: 0x81C76135E53A812A15BA9C49D58EED3A
SHA-1: 0x433AA3FB1440080DB33A842CDEDE29E5A7FF4AF3
(not available)
43 %Temp%\nsjB.tmp\InetLoad.dll 17,408 bytes MD5: 0xE241424579FDFD683F0ADFF02B7483A8
SHA-1: 0xC4CDE72B3E5E34730A41D43383D1234279DFF1F6
(not available)
44 %Temp%\nsjB.tmp\intro-banner.bmp 85,328 bytes MD5: 0x992C923E4364DC35C88690F1F01D9393
SHA-1: 0xB13A4C63D8B1946360F4FDB8C18CB84AA7F5B613
(not available)
45 %Temp%\nsjB.tmp\intro-prod.bmp 484,666 bytes MD5: 0xA8E559D2577A3B427C1A650557C30A14
SHA-1: 0x5465E97A3394B5923A43728E269FBD218557C87C
(not available)
46 %Temp%\nsjB.tmp\ioSpecial.ini 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
47 %Temp%\nsjB.tmp\nsProcess.dll 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
48 %Temp%\nsjB.tmp\System.dll 11,264 bytes MD5: 0xC17103AE9072A06DA581DEC998343FC1
SHA-1: 0xB72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
(not available)
49 %Temp%\nsjB.tmp\xml.dll 26,624 bytes MD5: 0xFBDA05AA26E02D38EFFB82294E83EA69
SHA-1: 0xAA2291ACE177515173315668480C74442E21549D
(not available)
50 %Temp%\nsmD.tmp 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
51 %Temp%\nsn8.tmp
%Temp%\nsvF.tmp
0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
52 %Temp%\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\geodata.xml 201 bytes MD5: 0x245036D5ACA72304BE9A62110F3651EC
SHA-1: 0x81A8DFADDDC56DD040BF7A46AFCC1CA4B58E042D
(not available)
53 %ProgramFiles%\blekkotb\auxi\blekkoAu.dll 262,312 bytes MD5: 0xB44898052C51EE68B854D030B65DF196
SHA-1: 0x81E1C67AFFF8F1ADDEA8F345D86816853B441DF0
(not available)
54 %ProgramFiles%\blekkotb\auxi\config.xml 274 bytes MD5: 0xFF80E6EED0C0FA47511DFE6B3B079677
SHA-1: 0xFB09E96F021D2081F95E27F2F95946BA438D06A1
(not available)
55 %ProgramFiles%\blekkotb\blekkoDx.dll 86,696 bytes MD5: 0xA5822643CEA8BD8774A1DC0D677ABA72
SHA-1: 0x348611DC4BFBC2F3D0CF1F7DA866CCA83CAEFFEE
(not available)
56 %ProgramFiles%\blekkotb\blekkotb.dll 438,952 bytes MD5: 0xF83E27ACDBA5FE18B51DF4A5FC4B2B7E
SHA-1: 0xFD15F6D3361B211A5FE6BA8FDF30D93966CD2E61
(not available)
57 %ProgramFiles%\blekkotb\chrome\content\custom.js 8,749 bytes MD5: 0x5B39BEA118C907AB7E7FA292A81AB4EC
SHA-1: 0xE174276C0D581621968A624F1902318198A4A8B6
(not available)
58 %ProgramFiles%\blekkotb\chrome\content\lib\about.xml 4,921 bytes MD5: 0x066A271DC0C17AFC6FF0A3F091C9902A
SHA-1: 0x6480FB2E8510D4F778CA5F012860F892617A83BA
(not available)
59 %ProgramFiles%\blekkotb\chrome\content\lib\dtxpanel.xul 573 bytes MD5: 0x95EC17707A727FD33987BE7A07194E92
SHA-1: 0x2526B93671448EBBB03818DE9B57FBEE75CE561A
(not available)
60 %ProgramFiles%\blekkotb\chrome\content\lib\dtxpaneltransparent.xul 653 bytes MD5: 0x239C5696C7BB0580A6CB81A077253AC0
SHA-1: 0x9314294B26FDD45823445211EAD848E4A133EEC4
(not available)
61 %ProgramFiles%\blekkotb\chrome\content\lib\dtxpanelwin.xul 407 bytes MD5: 0x13CD2406BFF36932421ADA94CFF51556
SHA-1: 0x7C249E08B47E51D7B993875DB028356018CEE468
(not available)
62 %ProgramFiles%\blekkotb\chrome\content\lib\dtxprefwin.xul 307 bytes MD5: 0x65A2F4FC8403318A42176E623853E322
SHA-1: 0x9BA85F8C0715A7A96D9E1807394BD4EB3345CD0B
(not available)
63 %ProgramFiles%\blekkotb\chrome\content\lib\dtxtransparentwin.xul 657 bytes MD5: 0x2E3B30A89A70544F13F8E8A2048D32ED
SHA-1: 0xB35227B784CA041DC34AF2F2305B8579D0E71EE6
(not available)
64 %ProgramFiles%\blekkotb\chrome\content\lib\dtxwin.xul 387 bytes MD5: 0xC02FA8EF5FF25FC99F4C8591223E248A
SHA-1: 0xBBF2A613D4C430AD3D23CAE7E8BFB580CD55C12C
(not available)
65 %ProgramFiles%\blekkotb\chrome\content\lib\emailnotifierproviders.xml 1,639 bytes MD5: 0xE842A242EDE1EA20759503A099052D38
SHA-1: 0xCA593FA3E5E4AB0D5B247F96E78E0015CCD2608B
(not available)
66 %ProgramFiles%\blekkotb\chrome\content\lib\external.js 552,905 bytes MD5: 0x73CD3924278919DBDA6D3A107B0CED58
SHA-1: 0xD962E1A21C44A429B1AE4D0E4B3CF91279B576D1
(not available)
67 %ProgramFiles%\blekkotb\chrome\content\lib\neterror.xhtml 344 bytes MD5: 0xF1D321A9DA995A49E2598A93AB98A2A3
SHA-1: 0x0622F31733225F4D036D63D0AA534104B8B53081
(not available)
68 %ProgramFiles%\blekkotb\chrome\content\lib\rsspreview.html 241 bytes MD5: 0x300D38768E03CEE1C370445BBED68D8C
SHA-1: 0xC3D74B867681F0C22E0C03E93D999C7002042473
(not available)
69 %ProgramFiles%\blekkotb\chrome\content\lib\rsswin.xml 2,602 bytes MD5: 0xFFA19686935085E9ADDF613AEACC7E65
SHA-1: 0x8BAC907152C20038539804C28BCD4B6690262E72
(not available)
70 %ProgramFiles%\blekkotb\chrome\content\lib\rsswin.xsl 7,474 bytes MD5: 0xA8C5A0F0E6A5D0E64DD0178344B97531
SHA-1: 0x16C18DEEF77CADDE15F96E88E90CDDF5D8EADF68
(not available)
71 %ProgramFiles%\blekkotb\chrome\content\modules\datastore.jsm 5,119 bytes MD5: 0x7A6AEE7DA660ACC949996E85545B90BC
SHA-1: 0xDEA859794EBBB5B59996245BC8E1C77BECBD0F2C
(not available)
72 %ProgramFiles%\blekkotb\chrome\content\modules\nsDragAndDrop.js 22,187 bytes MD5: 0x9331B476499A8BDDE92248B7B4C43CB6
SHA-1: 0x7A2313EED6F18A613D9FB73DB1A321E1DBA0D3C3
(not available)
73 %ProgramFiles%\blekkotb\chrome\content\newtab\images\btn_search.gif 2,671 bytes MD5: 0x3A34F255095637382ABB7479C71A0EA7
SHA-1: 0xF40BA3A9C06AF7D63D8EB9A3EB3EA355D553C426
(not available)
74 %ProgramFiles%\blekkotb\chrome\content\newtab\images\bullet.gif 45 bytes MD5: 0xDA1A3193AE2D96A96DBDB8E93921D201
SHA-1: 0x256D453A9A10BE1927EFA0A461BAB1C6A016FA36
(not available)
75 %ProgramFiles%\blekkotb\chrome\content\newtab\images\field_bg.gif 389 bytes MD5: 0xB29878732B5BB33457F55CF5977C9448
SHA-1: 0xED7F9BAEF341536D53D30B7D9EFE59EED33727E2
(not available)
76 %ProgramFiles%\blekkotb\chrome\content\newtab\images\powered_by_yahoo.gif 1,029 bytes MD5: 0x0854AF6254DC1C7040B2B2EC57FD135F
SHA-1: 0xB5276943EB659F8A2806CEF454BA3A82C176D59A
(not available)
77 %ProgramFiles%\blekkotb\chrome\content\newtab\newtab.html 10,958 bytes MD5: 0xC0AA70E65C2F90A7CAEFA67BB0192873
SHA-1: 0x55AB861FE7CC0CBB3BFB1FF8CC435A58B1BDA386
(not available)
78 %ProgramFiles%\blekkotb\chrome\content\preferences.xml 663 bytes MD5: 0xF7725A8FD65327FBD2DC578958D4FB2D
SHA-1: 0x70A6589C6B66C55439B0A02359A20342E27A8BF3
(not available)
79 %ProgramFiles%\blekkotb\chrome\content\toolbar.htm 631 bytes MD5: 0xBAFF789DC96EB9843679D135E865C0D0
SHA-1: 0xEC898E42152CED6B02120CEC7A4B16E177D695E7
(not available)
80 %ProgramFiles%\blekkotb\chrome\content\toolbar.xul 553,681 bytes MD5: 0x8B31BA91A0393AB74EF08631F053C165
SHA-1: 0x381651B1B1B8A405FD214F8EDAEA124FA9251DC0
(not available)
81 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css
4,617 bytes MD5: 0x85E442DB22E79AB9A933EE1661694957
SHA-1: 0xCB077C2427AA303E157E834C7B777FBF36C2ACFF
(not available)
82 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png
216 bytes MD5: 0x93A9594D662E46C469CCE305BEE633A4
SHA-1: 0x72D66435320059EAB467384D21D683D4A7BED133
(not available)
83 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif
175 bytes MD5: 0x41F85B4A728F76041B5E261A62CDE981
SHA-1: 0xB1D1AEC331B43A1E76C635AC67350A3DC10B84D9
(not available)
84 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif
120 bytes MD5: 0x2AFDE8BF7BF1E50285E272DA05FC4C3E
SHA-1: 0x73E5809B0ED33E7181F8A57295722CD9861E6844
(not available)
85 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif 1,814 bytes MD5: 0xA49CFBDF6ACEF6B36406F9BAA738B002
SHA-1: 0x36E6A2A512A7D9EE1FBA3B0D9511BCA3D3196AD3
(not available)
86 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png
1,457 bytes MD5: 0xA5E46071EFDD952C700009C5855BAB21
SHA-1: 0xC93D0243F09120CCD15AB52D4E566B0BADB589DE
(not available)
87 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png
1,981 bytes MD5: 0xBD29344AE6BECAE4821196BD0D8FFFB9
SHA-1: 0x7E527903E3187EC1A1336FC62286C0C6C7FBD654
(not available)
88 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif
4,176 bytes MD5: 0xEBDFC31F9FBC9848AB637C12D0119A9A
SHA-1: 0x4D4DDDED1F429530E8205D1950D781FA4F32E1FF
(not available)
89 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html 612 bytes MD5: 0xECF47C985F922B4353D3A5D98DA1075E
SHA-1: 0x1EFE6335FFA8B2FCA0683FD684585CBEB073CB11
(not available)
90 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css 3,528 bytes MD5: 0x3EE900FB5A9C90984D4C180A7ACFACCD
SHA-1: 0x95673F8432F16BDAD731E5557BED13E22B3B1DA2
(not available)
91 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png 126 bytes MD5: 0x2002588119B8478D19ADC51FAEB45D21
SHA-1: 0xAEC019679F1F8BAFA8D0C769AFB1DFD4410769D6
(not available)
92 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif 1,782 bytes MD5: 0x66C3F2AC382ACCEEB14C8DDE57112ACB
SHA-1: 0x0171D81A90D80BDAD85898AA2617CC49C7CF5637
(not available)
93 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png 49,773 bytes MD5: 0xDFA0C68826162BFCC1C493624B0B0082
SHA-1: 0xD6346F7DA4120F21E032D05D7393C6A32A15D13D
(not available)
94 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close-over.png 49,488 bytes MD5: 0xE144769EA9E6693E289FFFADE417E4AB
SHA-1: 0x10816B3437FE23C20A97B04B95F9873E28F6AF5E
(not available)
95 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png 48,603 bytes MD5: 0x5D8C66D3034CB36A07C953D70ED4B916
SHA-1: 0xBAFAC8282C7C7CADD221367E25FD9E2F17F0759A
(not available)
96 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn_close_x.gif 352 bytes MD5: 0xEE7EEE8F8D078C61E6B9456CCDF0C474
SHA-1: 0xF635571BB9A2B97076325479719E600153734AEB
(not available)
97 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\default.png 48,031 bytes MD5: 0x3E92D10248D63067AAF9A04DA1A3552C
SHA-1: 0x0EF9181C9716DFD951BF22A0F3F6B8F0A4A60D7B
(not available)
98 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\images\transparent.gif
49 bytes MD5: 0x3D045B93716ED28DC745E648B3428A26
SHA-1: 0x36955B7E83FF9F5053CF23BD870D720A598C53AA
(not available)
99 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-left.png 47,079 bytes MD5: 0x1C7F55510E4E46B860CB222DA1929C0A
SHA-1: 0xA3752B714C5EC92D257B9C5B896CED3477B4901E
(not available)
100 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-mdl.png 46,958 bytes MD5: 0x8162076754549379792A547C3311C378
SHA-1: 0x6732B7BD38760365C69EB0D70B5E5F5004929670
(not available)
Memory Modifications

Process Name  |  Process Filename  |  Main Module Size
[filename of the sample #1]  |  [file and pathname of the sample #1]  |  1,101,824 bytes
Registry Modifications
Other details

Remote Host  |  Port Number
146.185.27.53  |  80
178.236.5.35  |  80
199.87.249.15  |  80
207.171.163.216  |  80
207.171.163.34  |  80
23.2.17.138  |  80
23.2.17.144  |  80
50.17.195.197  |  80
50.17.255.108  |  80
64.30.224.89  |  80
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.